You must complete the tasks in this section in the CryptoHub UI to enable the Futurex PKCS #11 library to find the key pair generated by using Java keytool in the previous section. This process involves creating a certificate object from the key pair and assigning it an issuance policy.

Create a new certificate object

Perform the following steps to create a new certificate object from the key pair:
1. Log in to the CryptoHub under dual control with your administrator identities.
2. Go to PKI and CA > PKI Signing Approvals.
3. Select [ Add Approval Group ] at the bottom of the page or right-click the window background and select Add Approval Group.
4. Enter a name for the approval group and select [ OK ].
5. Right-click the new approval group and select Permission.
6. Select the Java Jarsigner role in the drop-down menu and select [ Add ]. Then, grant the role the Use permission and select [ Save ].
7. Go to PKI and CA > Certificate Management.
8. Select [ Add CA ] at the bottom of the page or right-click the window background and select Add CA.
9. Enter a name for the X.509 certificate container and change the Owner group to the Java Jarsigner service role. Then, select [ OK ].
10. Right-click the new X.509 certificate container and select Add Certificate > From Private Key.
11. Select the private key you created by using Java keytool in the previous section and select [ OK ].
12. In the Subject DN tab, make the following changes:
  • Preset: Select Classic.
  • Common Name: Enter any name.
13. In the Basic Info tab:
  • Leave all fields set to the default values.
14. In the V3 Extensions tab:
  • Select the Code Signing Certificate Profile.
15. Select [ OK ].

Apply an issuance policy

Perform the following steps to apply an issuance policy to the Java Jarsigner code signing certificate:
1. Right-click the Java Jarsigner code signing certificate and select Issuance Policy > Add.
2. In the Basic Info tab, make the following changes:
  • Approvals: Select 0.
  • Allowed hashes: Select SHA-384.
3. In the X.509 tab, make the following change:
  • Default approval group: Select the approval group you created.
4. In the Object Signing tab, make the following change:
  • Allow object signing: Select the checkbox to enable.
5. Select [ OK ].